Skip to content
We want to keep you safe

Privacy Policy

Whitehat Limited Privacy Policy

Welcome to Whitehat SEO Ltd. We recognize the importance of your privacy and are committed to protecting the personal information you share with us. This Privacy Policy outlines how we collect, use, protect, and share information when you visit or use our website, services, and applications. It is designed to comply with the General Data Protection Regulation (GDPR) and other relevant UK laws.

At Whitehat SEO Ltd, we believe in transparency and want you to understand the scope of this policy, which covers all personal data processed by us, whether digital or paper-based. By using our services, you acknowledge you have read and understood this Privacy Policy. We are dedicated to respecting your privacy rights and safeguarding your personal data, ensuring it is treated lawfully and fairly.

If you have any questions or concerns about this policy or our practices, please contact us using the information provided at the end of this document.

What information do we collect?

At Whitehat SEO Ltd, we collect various types of personal information to provide and improve our services. This section details the specific kinds of personal data we collect from you and how we gather this information.

  1. Direct Data Collection: When you interact with our website and services, we collect information that you voluntarily provide. This includes:

    • Personal Identifiers: Such as your name, email address, and contact details, which you provide when subscribing to our newsletter, filling out contact forms, or registering for services and events.
    • Financial Information: If you make purchases, we collect necessary transaction information, including your payment details, which are processed securely.
    • Communications: Any information you provide when communicating with us, such as feedback, contact form submissions, or customer support inquiries.
  2. Indirect Data Collection: As you navigate through and interact with our website, we automatically collect certain information about your equipment and browsing actions. This includes:

    • Cookies and Usage Data: We use cookies and similar technologies to track activity on our service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. We collect data about your browsing behavior, including your IP address, browser type, domain names, access times, and referring website addresses. This data helps us to improve our website and deliver a more personalized service.
    • Analytics: We use third-party service providers, such as Google Analytics, to monitor and analyze the use of our site. Information about how you use our website is used to compile reports and to help us improve the site. The data collected includes the number of visitors, where they have come from, and the pages they visited.
  3. Social Media: If you interact with our social media accounts, we may receive personal information about you depending on your settings on the social media service, such as your list of friends or followers.

  4. Third-Party Information: Occasionally, we may receive information about you from third parties such as our business partners and service providers, including demographics data or contact details. We may combine this information with other information you provide to us or that we collect about you.

Please note that our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please be aware that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

Legal Bases for Processing Personal Data

Under the General Data Protection Regulation (GDPR), Whitehat SEO Ltd ensures that our use of personal data is justified by a legal basis. Below, we detail the legal grounds we rely on for processing your personal information:

  1. Consent: We process certain data based on the consent you expressly provide. For example:

    • Marketing Communications: We will send you marketing emails or newsletters only if you have opted in to receive them. You have the right to withdraw your consent at any time.
    • Cookies and Tracking Technologies: We use non-essential cookies and other tracking technologies only after obtaining your consent through our cookie banner.
  2. Contract Performance: We use personal information for fulfilling our obligations under a contract with you. For instance:

    • Service Provision: When you purchase a service or product from us, processing your contact details and payment information is necessary to fulfill our contractual obligation to deliver the service or product.
  3. Legal Obligation: We process personal data as required by law. This includes:

    • Regulatory Compliance: Maintaining records, compliance checks, or sharing information with regulatory authorities as mandated by specific laws.
  4. Vital Interests: We may process personal data when it is necessary to protect the vital interests of a data subject or another person. For example:

    • Emergency Medical Care: Should an incident occur during an event hosted by us, we might have to share your personal details with medical professionals.
  5. Legitimate Interests: We process personal data when it is necessary for the purposes of legitimate interests pursued by us or a third party, provided your interests and fundamental rights do not override those interests. Examples include:

    • Security Measures: Monitoring and preventing misuse or fraud to protect the security of our IT systems, website, and our users.
    • Business Transactions: Sharing information during negotiations for any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
  6. Public Task: On rare occasions, we might process personal information to perform a task carried out in the public interest or in the exercise of official authority vested in us. This includes:

    • Public Data Analysis: Conducting research and analysis to understand market trends which might involve public benefit.

Each of these bases legitimizes our use of your personal data, ensuring that our practices align with the standards set out by GDPR. We are committed to processing your data responsibly and only for the purposes for which it was collected.

Our CMS and CRM

HubSpot is our CMS (Content Management System), which is the platform we host our website on. Any data you submit to us via our website forms will be stored securely in HubSpot. HubSpot's privacy policy is available at:

If you submit one of our website forms in order to be contacted by a member of the sales team, your data will be securely sent to our Sales reps from HubSpot.


We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy. In addition, we may disclose your personal information:

  1. to the extent that we are required to do so by law;
  2. in connection with any legal proceedings or prospective legal proceedings;
  3. in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
  4. to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
  5. to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

Except as provided in this privacy policy, we will not provide your information to third parties.

Retention of data

At Whitehat SEO Ltd, we adhere to strict principles regarding the retention of personal data, ensuring that we only retain personal information for as long as necessary to fulfill the specific purposes outlined in our privacy policy. Below are the retention periods for various categories of personal data, along with the criteria we use to determine these periods:

  1. Contact Information (e.g., names, email addresses):

    • Retention Period: Retained for as long as you remain subscribed to our services or newsletters and for a period of 3 years after the last interaction to allow for potential business inquiries and relationship management.
    • Criteria: The duration is based on the ongoing relationship with active users and the need for historical reference for past interactions.
  2. Financial Transactions and Billing Information:

    • Retention Period: Retained for 6 years beyond the end of the financial year in which the transaction occurred, to comply with tax and accounting legal requirements.
    • Criteria: Determined by legal obligations to maintain financial records for audit and tax purposes.
  3. User Interaction Data (e.g., usage logs, IP addresses):

    • Retention Period: Retained for up to 1 year from the date of collection to analyze system performance and website improvements.
    • Criteria: The duration considers the need for error detection and performance enhancements.
  4. Marketing Data (e.g., campaign analytics, email responses):

    • Retention Period: Retained for 3 years after the last active response to our marketing campaigns to analyze campaign effectiveness and for planning future campaigns.
    • Criteria: The period is based on our marketing cycle and the relevance of the data to future campaigns.
  5. Support Records (e.g., customer service interactions, complaint logs):

    • Retention Period: Retained for 5 years after resolution of the query or complaint to ensure any follow-up actions can be managed appropriately and to improve service quality.
    • Criteria: Retention ensures compliance with customer service standards and regulatory requirements.
  6. Legal Documents and Contractual Agreements:

    • Retention Period: Retained for 7 years after the termination of the contract, as required by common law statutes of limitations for contract claims.
    • Criteria: Based on the legal requirement to retain documents for a period that covers the statutory limitation period.

Each category of data is reviewed annually to determine if it is necessary to continue retaining the data. If we find that any data is no longer required for the purposes for which it was collected, it is securely deleted from our systems. We also respect your rights to request the deletion of your personal data where applicable.

Your rights

Under the General Data Protection Regulation (GDPR), you have specific rights regarding the personal data that Whitehat SEO Ltd holds about you. We are committed to ensuring that you can exercise these rights easily. Below is an overview of your rights and the processes we have put in place for you to exercise them:

  1. Right to Access:

    • Description: You have the right to request a copy of the personal data we hold about you.
    • Procedure: To request access, please send an email to or contact us via postal mail at Data Protection Officer, Whitehat SEO Ltd, 80A Uxbridge Road, W12 8LR, United Kingdom. We will provide a copy of your data within one month of receiving your request.
  2. Right to Rectification:

    • Description: You have the right to have any incorrect or incomplete personal data corrected.
    • Procedure: If you believe that any data we hold is inaccurate or incomplete, please contact us at the above address or email to request a correction.
  3. Right to Erasure (Right to be Forgotten):

    • Description: You can request the deletion of your data where there is no compelling reason for its continued processing.
    • Procedure: To request deletion of your data, please contact our Data Protection Officer using the contact details provided above. We will assess your request and respond within one month.
  4. Right to Restrict Processing:

    • Description: You have the right to request the restriction of processing of your data under certain circumstances.
    • Procedure: To request restriction, please contact our Data Protection Officer. Provide details of what processing you would like to restrict and why.
  5. Right to Data Portability:

    • Description: You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
    • Procedure: For data portability requests, contact We will facilitate the transfer of your data directly to another controller where technically feasible.
  6. Right to Object:

    • Description: You have the right to object to the processing of your data in certain circumstances, including for direct marketing.
    • Procedure: If you wish to object, please contact our Data Protection Officer with the specifics of your objection.
  7. Rights Related to Automated Decision Making and Profiling:

    • Description: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
    • Procedure: We do not perform automated decision-making or profiling that would require additional consent under GDPR. If this changes, we will update our policy and provide a method to express consent or object.

Contact Information for Exercising Your Rights:

  • Email:
  • Postal Address: Data Protection Officer, Whitehat SEO Ltd, 80A Uxbridge Road, W12 8LR, United Kingdom

For further assistance or to discuss your rights, please contact our Data Protection Officer using the contact information above. We are here to help and ensure that your data protection rights are fully respected.

Third-party websites

Whitehat SEO Ltd is committed to maintaining the privacy and integrity of your data. We share information with third parties only when necessary for our operational purposes and under strict data protection agreements. Below is a detailed list of the third parties with whom we share your data, the purposes for this sharing, and the measures taken to ensure compliance with GDPR, including details about international data transfers:

  1. HubSpot:

    • Purpose: We use HubSpot as our Content Management System (CMS) and for customer relationship management (CRM).
    • Data Shared: Includes contact information, interaction records, and behavioural data collected through our website.
    • GDPR Compliance: HubSpot is certified under the EU-U.S. Privacy Shield Framework and commits to GDPR compliance, ensuring an adequate level of data protection.
  2. Google Analytics:

    • Purpose: To analyze the use of our website, which helps us improve functionality and user experience.
    • Data Shared: Includes anonymized IP addresses, browser types, and visitor behaviour on the site.
    • GDPR Compliance: Google participates in the EU-U.S. Privacy Shield Framework, providing a mechanism to comply with data protection requirements when transferring personal data.
  3. Payment Processors (e.g., Stripe, PayPal):

    • Purpose: To process payments made through our website securely.
    • Data Shared: Transaction data including contact details and payment information.
    • GDPR Compliance: These processors are GDPR compliant and implement strong measures to protect your financial information.
  4. Marketing Agencies:

    • Purpose: To assist in targeting and optimizing our marketing campaigns.
    • Data Shared: Contact details and data on engagement with our marketing materials.
    • GDPR Compliance: Agencies are contracted under terms that require them to comply with GDPR and use data only as directed by us.
  5. Cloud Storage Providers (e.g., Amazon Web Services):

    • Purpose: For secure storage of data and backup to ensure business continuity.
    • Data Shared: Personal and operational data stored securely in the cloud.
    • GDPR Compliance: Providers are GDPR-compliant and data is stored within the EEA whenever possible. If data is transferred outside the EEA, it is done under the EU Standard Contractual Clauses which provide legal safeguards.
  6. Legal and Regulatory Authorities:

    • Purpose: When required by law or to protect the legal rights of the firm, including in the event of a legal process or audit.
    • Data Shared: Only the minimal necessary personal information as required by law or legal process.
    • GDPR Compliance: All data sharing is performed under strict legal review and compliance checks.

International Data Transfers:

  • We ensure that any data transferred outside the EEA is managed with the utmost care and in compliance with the GDPR. We employ Standard Contractual Clauses approved by the European Commission and ensure that all third parties involved uphold the same standards of data protection as those mandated by EU law.

Contact Information for Data Sharing Inquiries:

  • Should you have any questions regarding how we share your data, please contact us at or via postal mail at Data Protection Officer, Whitehat SEO Ltd, 80A Uxbridge Road, W12 8LR, United Kingdom.

At Whitehat SEO Ltd, we prioritize your privacy and are committed to maintaining open lines of communication for any inquiries or concerns you may have about your privacy and the data we hold.

General and Privacy-Specific Inquiries

For all inquiries, including those related to privacy or the data we hold about you:

Postal Address

  • Address: Whitehat SEO Ltd, 80A Uxbridge Road, London, W12 8LR, United Kingdom

Online Contact Form

You can also reach out to us directly through our website by visiting Our contact form is a simple and efficient way to send us your inquiries directly.

We are dedicated to responding promptly to all inquiries. If you have specific concerns regarding privacy or the information we hold, please use the email address provided above, and we will ensure your inquiry is handled with the utmost care and urgency.

Special Category Data

Whitehat SEO Ltd recognizes the sensitivity of special category data as defined under the General Data Protection Regulation (GDPR). Special category data includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health, data concerning a natural person's sex life, or sexual orientation.

Policy on Special Category Data

  1. Non-Processing Standard:

    • As a general rule, Whitehat SEO Ltd does not collect or process special category data in our regular business operations. We understand the increased privacy risks associated with such data and have chosen to avoid processing this type of information unless absolutely necessary.
  2. Exceptions:

    • In the rare instance where processing special category data becomes necessary, such processing will only be conducted:
      • With explicit consent from the individuals involved, or
      • Where the processing is required by law, or
      • Where the processing is necessary for the protection of the vital interests of the data subject or another person and where the data subject is physically or legally incapable of giving consent.
    • Justification: Any decision to process special category data under these exceptions will be accompanied by a thorough justification outlining the necessity and the limited scope of the processing.
  3. Security Measures:

    • In circumstances where we must process special category data, stringent security measures will be implemented to protect the data. These measures include, but are not limited to, encryption, access controls, secure data storage solutions, and rigorous compliance checks to ensure that the data is handled lawfully and with the utmost care.
  4. Compliance and Oversight:

    • Our Data Protection Officer (DPO) oversees all activities related to the processing of personal data, including any processing of special category data. This oversight ensures compliance with GDPR and other relevant data protection laws.

Contact for Concerns

  • Should you have any questions about our processing of special category data, please contact us via email at

We are committed to upholding the highest standards of privacy and data protection, particularly when it involves sensitive information categorized under special data categories by GDPR.

Purposes of Processing

Whitehat SEO Ltd processes your personal data to effectively provide and enhance our services, and to meet our legal and contractual obligations. Below, we outline the specific purposes for which we use the data we collect:

  1. To Administer Our Website and Services:

    • Legal Basis: Contract performance, legitimate interests.
    • Purpose: We use your data to manage our website, provide our services, and fulfill our contractual obligations to you.
  2. To Improve User Experience:

    • Legal Basis: Consent, legitimate interests.
    • Purpose: Personal data helps us understand how our visitors use the website and services, allowing us to improve layout, content, and functionality to enhance user experience.
  3. For Communication and Marketing:

    • Legal Basis: Consent, legitimate interests.
    • Purpose: We use contact details to communicate with you regarding your queries, our services, and, if you have opted in, to send you marketing communications. This helps us grow our business and inform you about our offerings.
  4. For Customer Support:

    • Legal Basis: Contract performance.
    • Purpose: We process personal data to provide support services, including handling customer complaints and technical support issues.
  5. To Secure Our Services:

    • Legal Basis: Legitimate interests.
    • Purpose: Ensuring the security of our website and services is paramount, including preventing unauthorized access and modifications to our systems.
  6. For Legal Proceedings and Compliance:

    • Legal Basis: Legal obligation, legitimate interests.
    • Purpose: We may need to process personal data to comply with legal requirements, assist in investigations, and protect our legal rights.
  7. Analysis and Reporting:

    • Legal Basis: Legitimate interests.
    • Purpose: We use data for internal analysis and performance tracking to improve our services and customer relationships.
  8. To Handle Transactions and Payments:

    • Legal Basis: Contract performance.
    • Purpose: Processing financial transactions and payments is necessary to complete the purchases made on our website.

Each of these purposes is carefully considered to ensure that your data is used appropriately and respects your privacy rights. Our commitment to transparency ensures that data processing aligns with these stated purposes and is only undertaken with the necessary legal basis.


Whitehat SEO Ltd utilizes cookies and similar tracking technologies to enhance your experience on our website, analyze our site traffic, and understand where our visitors are coming from. Below we explain the types of cookies we use, their purposes, and how you can manage your preferences.

Types of Cookies Used

  1. Essential Cookies:

    • Purpose: These cookies are crucial for the basic functions of our website and the services we offer. They enable core functionalities such as security, network management, and accessibility. The website cannot function properly without these cookies.
    • Examples: Session cookies that ensure users stay logged in as they navigate through the site.
  2. Performance Cookies:

    • Purpose: These cookies help us understand how visitors interact with our website, providing information about the areas visited, the time spent on the site, and any issues encountered, such as error messages.
    • Examples: Google Analytics cookies that help us measure how users interact with website content.
  3. Functional Cookies:

    • Purpose: These cookies allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.
    • Examples: Cookies that remember your preferences and settings.
  4. Advertising Cookies:

    • Purpose: These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign.
    • Examples: Cookies used by advertising networks such as Google AdSense that gather data about your activities and interests to target relevant advertising.
  5. Social Media Cookies:

    • Purpose: These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks.
    • Examples: Cookies that enable the sharing of data with social media platforms like Facebook or Twitter.

Managing Cookie Preferences

You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences by setting or amending your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our site may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.

Furthermore, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit or

More Information

For further information on how we use, store, and keep your personal data secure, see our Privacy Policy. If you have any questions about our use of cookies or other technologies, please email us at 

Using your personal information

Data submitted to us via this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.

We may use this data to:

  • administer the website;
  • improve your browsing experience by personalising the website;
  • enable your use of the services available on the website;
  • send you general (non-marketing) commercial communications;
  • send you email notifications which you have specifically requested;
  • send to you our newsletter and other marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically consented to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
  • provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
  • deal with enquiries and complaints made by or about you relating to the website;
  • keep the website secure and prevent fraud;

We will not — without your express consent — provide your personal information to any third parties for the purpose of direct marketing.

Security of your personal information

At Whitehat SEO Ltd, we are committed to ensuring the security of your personal data. We employ a range of technical and organizational measures designed to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include:

  1. Technical Measures:

    • Encryption: We use strong encryption for the transmission of data to and from our website. Sensitive data such as payment information is encrypted using secure sockets layer (SSL) technology to ensure that it is protected.
    • Access Controls: Access to personal data is strictly limited to personnel who need access to perform their job functions. We use role-based access controls to enforce these limitations.
    • Firewalls and Intrusion Detection Systems: Our network is protected with firewalls and monitored using intrusion detection systems to detect and prevent unauthorized access.
    • Secure Data Storage: All personal data is stored in secure servers with controlled access and multiple layers of physical and logical security.
    • Regular Audits: We regularly conduct security audits and vulnerability assessments to identify and address potential security issues in our systems and applications.
  2. Organizational Measures:

    • Data Protection Training: All employees receive training on the importance of data protection and how to secure personal data appropriately.
    • Data Protection Policies: We maintain robust data protection policies and procedures, which are regularly reviewed and updated to comply with current laws and standards.
    • Incident Response Plan: We have a formal incident response plan in place to promptly address any security breaches or data leaks. This plan includes procedures for containment, investigation, and notification to affected individuals and regulatory authorities if necessary.
    • Vendor Risk Management: We carefully select and monitor third-party service providers who handle personal data to ensure they meet our strict data protection and security standards.
    • Data Minimization: We adhere to the principle of data minimization by collecting only the data necessary for specific, outlined purposes and limiting access to personal data to individuals who need it to perform their job functions.

These measures are designed to provide a high level of security appropriate to the risks associated with the processing activities. We continuously evaluate and update our security practices to adapt to new threats and challenges, ensuring that your personal data remains secure.

Policy amendments

Whitehat SEO Ltd is committed to continually enhancing its compliance and privacy practices. Therefore, our Privacy Policy may be updated periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Update Process

  1. Review and Revision:

    • Frequency: Our Data Protection Officer reviews the Privacy Policy annually or as needed to respond to changes in regulatory requirements, new processing activities, or security enhancements.
    • Procedure: Updates are made considering the latest privacy laws and standards, ensuring that our practices stay aligned with GDPR and other relevant regulations.
  2. Approval:

    • Process: Before any changes are implemented, they must be approved internally to ensure that all updates meet our stringent data protection and privacy standards.

Notifying Users of Changes

  • Communication Channels:

    • Immediate Notification: Significant changes to the policy are communicated through our website and via email to all active users.
    • Website Update: The revised Privacy Policy will always be accessible on our website, with the revision date clearly indicated at the top of the policy document.
  • Engagement:

    • Feedback Encouraged: We invite feedback on any changes to the policy to ensure that our users’ privacy preferences are considered and respected.

Ensuring Awareness

  • Accessibility: We ensure that our Privacy Policy is easy to find on our website, typically linked at the footer of each page.
  • Clear Language: All updates are written in clear, straightforward language to ensure that our users understand what the changes mean for their personal data.

Archived Versions

  • Archiving: Previous versions of our Privacy Policy are archived and available upon request, providing transparency on how our practices have evolved over time.

If you have any questions or concerns about our Privacy Policy or the data we hold about you, please contact us at 

Data we will not process or hold

We will not process or hold any special category data, including:

  • Race;
  • Ethnic origin;
  • Political opinions;
  • Religion;
  • Philosophical beliefs;
  • Trade union membership;
  • Genetic data, for the purpose of uniquely identifying a natural person;
  • Bio-metric data, for the purpose of uniquely identifying a natural person;
  • Health data;
  • Concerning a natural person's sex life;
  • Sexual orientation.

We will also not process or hold any data irrelevant to the purposes of doing business with you.

Updating information

Please let us know if the data we hold about you needs to be corrected or updated.

Data controller

The data controller responsible in respect of the information collected on this website is WhiteHat SEO Limited.

See why you’re not generating more leads and driving better results

Want a FREE 30 minute Inbound Marketing Assessment?